Popular White Paper On This Topic

What model is the router? Is this a corporate/domain network or just at home? For the Windows Firewall, most companies I work with have a policy to disable the Domain Networks firewall, but leave Public & Home turned on for when the users take their laptops out of the office. A good anti-virus is an important piece of the puzzle too, so even if something gets through the firewall the AV will prevent it from doing damage.

Firewall is used to prevent incorrect or abused access to a network or computer.

If all the computers behind your router are trusted computers, you may have your firewall software down and you should have no problems (it's not the best practice but it normally works fine).

But, the perimetral firewall (the ones that communicate at th edge of your network) every time should be on, except for the DMZ (DeMilitarized Zone). This prevent that any hacker or any person at last may access your network and generate a problem to you

Depends on how secure vs. how much trouble you're willing to go through. It does provide a good second wall of security, but there are other risks that a firewall doesn't stop. The growing consensus is that we (enterprise level) need to start doing this, and it's a good idea for small business and home users. Problem is while it can be done it's a real pain to do so. It may take another 3-7 years before this becomes essential, but keep in mind that the risk is real today. It will grow over time. Better (easier managed) firewalls are now available bundled with antivirus software, and that's probably the direction the industry will take.

Yes it is a good idea to enable the firewall on the router to help keep
"the bad guys" out of your network.

Personally I think it is a good idea to have a firewall active on each PC,
even on your internal network. Malware not only comes from outside of your
network, it can originate inside your network via things like infected USB
drives, email or infected laptops that connect to your network.

The second firewall is helpful especially if the Firewall on the PC is from
a different provider (even MS Firewall on the desktop is better than
nothing).

Hi,
I'm in agreement with most folks on this thread. In general, I also believe it is a good idea to install desktop firewalls on each individual PC in your network if possible. This gives protection some protection should there be a breech on the "protected" side of the network. It sounds like you're talking about a home network but in case you aren't, and you don't feel the firewall built in to your router is enough, you could consider some of the newer virtual firewall/router products. These range from totally free, based on opensource code like pfSense and FreeBSD to fully supported paid versions like the Brocade Vyatta 5400 vRouter.

In my opinion ;) this depends on four (possibly more) things but these stand out to me:

1- How big is the network in question (machines and sub-nets),
2- Will you be doing the administration/set-up yourself or is it contracted out?
3- How comfortable are you with administering this 'kind of thing' on an increasingly larger scale?
4- What does your management want/prefer - or you have 'a free hand'? ;)

Copyright 1998-2015 Ziff Davis, LLC (Toolbox.com). All rights reserved. All product names are trademarks of their respective companies. Toolbox.com is not
affiliated with or endorsed by any company listed at this site.